networks lauren hickman patrick mccamy morgan pace noah ryder

NETWORKS

Lauren Hickman

Patrick McCamy

Morgan Pace

Noah Ryder

Objectives

Types of Networks Components of Networks Risks to Networks Network Security/Controls Auditing Networks

What is a Network?

Two or more connected computers that allow the process of telecommunications to occur

Telecommunications is the transfer of text, audio, video, or other data formats

Types of Networks

Characterized in 3 categories: Distance Ownership Client/Server Networks

Distance

Local Area Network (LAN) Connected computers within a short

geographical distance of one another Wide Area Network (WAN)

Connects computer large geographic away from one another

Ownership

Intranet Internal network within a company

Extranet Connects internal network to outside

business partners Virtual Private Network (VPN)

Uses public internet connection but achieves privacy through encryption and authentication

Client/Server Networks

Network servers that manage the networks and host applications that are shared with client computers

Two types: Two-tiered Three-tiered

Network Security and Controls Authentication

Process of ensuring users are who they say they are

Encryption Scrambling or coding data so that anyone

who views will not be able to decode it without a decryption key

Firewalls Hardware and software to control outside

access to the network

Components of a Network

Computers and terminals Telecommunication channels Telecommunication processors Routers and Switching devices

Computers and Terminals

Computers process data in a network and send/receive information to and from terminals

Terminals serve as input/output devices

Telecommunications Channels Transmit data from computer to

computer Physical transmitters Wireless transmitters

Telecommunications Processors Most common is a modem

Transforms digital communication signals to analog signals for transfer and then back to digital signals

Digital communication networks

Routers and Switching Devices Switches: connect network components

and ensure messages are delivered to appropriate destinations

Routers: similar to switches but with more complex features based on protocols

Approaches to switching Message switching Packet switching Circuit switching

Risks to Networks

Social Engineering Physical Infrastructure Threats Programmed Threats Denial of Service Threats Software Vulnerabilities

Social Engineering Diversion

“Soc-ing”

VoIP Vulnerabilities – Can open channel to network that is not fire-walled

Phishing Scams – i.e. – emails from unknown persons containing malicious links.

Cross Site Scripting (XSS) – leads to account hijacking, changing of user settings, cookie theft/poisoning, or false advertising

Network Security

Network manager and network security administration

Authentication Encryption Firewalls

Auditing Networks

Perform risk assessment procedures to assess vulnerabilities

Evaluate controls and their effectiveness Auditing Network Security

Network diagrams Determine what assets, who has access,

and understand connections Penetration testing Benchmarking

Risk Assessment Procedures Basic vulnerabilities of a network

Interception- transmitted data is intercepted by a third party

Availability- unavailability of the network could result in losses for the firm

Access/Entry points- a weak point in access can make the information assets vulnerable to intruders

Evaluate Controls

Physical access controls Transmitted information should be

encrypted Network should have sufficient

management Controls to limit the type of traffic Passwords for everyone who has access

Auditing Networks

Network diagrams Determine what assets Who has access Understand connections Penetration testing

Questions?